| Category | Started On | Completed On | Duration | Cuckoo Version |
|---|---|---|---|---|
| FILE | 2016-11-06 21:46:54.150373 | 2016-11-06 21:49:53.790866 | 179 seconds | 2.0-dev |

| Machine | Label | Manager | Started On | Shutdown On |
|---|---|---|---|---|
| windowsxp1 | windowsxp1 | VirtualBox | 2016-11-06 21:46:56 | 2016-11-06 21:49:53 |

| File name | billing_doc_60787.doc |
|---|---|
| File size | 146432 bytes |
| File type | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Title: , Author: Christian, Template: Normal.dot, Last Saved By: Windows, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Wed Oct 26 12:25:00 2016, Last Saved Time/Date: Wed Oct 26 12:25:00 2016, Number of Pages: 1, Number of Words: 0, Number of Characters: 2, Security: 0 |
| CRC32 | 4359A1BC |
| MD5 | b107f3235057bb2b06283030be8f26e4 |
| SHA1 | b12d2984830eee5ef668032cc13691706efce4a5 |
| SHA256 | 5d077b1341a6472f02aac89488976d4395a91ae4f23657b0344da74f4a560c8d |
| SHA512 | b7cb31da8be04e044b3c8aadaf00555277fe990cbc42a81d718812b849be153ba6a87227d37374a6ea3cc3de2a204a749e9b643d8a7c1f39a29aa7beb913b3b8 |
| Ssdeep | 3072:cazJJgkkkkkkkkkXKOvO1Xe+ajS9GNZyFIo9IFBjfDS:V7gkkkkkkkkkXy1O+aj62ySo96jfDS |
| PEiD | None matched |
| Yara | None matched |
| VirusTotal | Scan date: 2016-11-06 12:18:43, detection rate: 34/54 |

| File name | 9ac371b5b84adb63_~wrs{d5f99d08-15a0-4713-b838-ea7627e7713e}.tmp |
|---|---|
| File size | 1536 bytes |
| File type | data |
| MD5 | f28fe1721c5f808d3b5758dae5fda183 |
| SHA1 | f216860449682b55621ecb066642336c7efd6626 |
| SHA256 | 9ac371b5b84adb63a1656cdd9fea626f3da06f97d44feca20e9b6c95cb5ca091 |
| SHA512 | 08d4625a0b8e18c68610b40d77844fb280157e593e78200d7fc83016dcb07b9931e8fffcca54618e6051f0d10470844cc9f7520a7b0da85350c80eead81e210d |
| Ssdeep | 6:IiiiiiiiiiRyMZ4/biguc8++l0k4NSWUVakskWwn:T4biguG+Ck4hUZsdwn |
| Yara | None matched |
| VirusTotal | Search for Analysis |

| File name | 4826c0d860af884d_~wrs{3b7139b6-4ab2-481e-9253-be4edc065c9e}.tmp |
|---|---|
| File size | 1024 bytes |
| File type | data |
| MD5 | 5d4d94ee7e06bbb0af9584119797b23a |
| SHA1 | dbb111419c704f116efa8e72471dd83e86e49677 |
| SHA256 | 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1 |
| SHA512 | 95f83ae84cafcced5eaf504546725c34d5f9710e5ca2d11761486970f2fbeccb25f9cf50bbfc272bd75e1a66a18b7783f09e1c1454afda519624bc2bb2f28ba4 |
| Ssdeep | 3:ol3lYdn:4Wn |
| Yara | None matched |
| VirusTotal | Search for Analysis |

| File name | b27b98df298e685e_~$normal.dotm |
|---|---|
| File size | 162 bytes |
| File type | data |
| MD5 | f7ae9c8c54bcb2cb8c1e3ba49eeb2b05 |
| SHA1 | bc2a4f523359d033d228e6832314973ba80cc83f |
| SHA256 | b27b98df298e685e1215345691123b3b5d81be0b55ca5c8840070ab0d42246f8 |
| SHA512 | 1e1a6fddfa3bf46ad45d64e43c6d2515e87faf4cac7fd51daa66fb2dc50ce7853b918f34b09ce108958ddd4f8e01cdbbed488d7f70ee4dfe21c977857772e5d5 |
| Ssdeep | 3:PtTtqlll/3l/1HXMDd1l//lCllflzNV:PtstK+7j |
| Yara | None matched |
| VirusTotal | Search for Analysis |

| File name | 42433666cdf00c75_msforms.exd |
|---|---|
| File size | 147284 bytes |
| File type | data |
| MD5 | f6471a25ba5405179c913108c44a77e8 |
| SHA1 | 680b7cf9c74b9fa45a07551cc558932ace4d89f9 |
| SHA256 | 42433666cdf00c75303bdbb3c7ea37bd7f264c300d122be9a1021078714d5211 |
| SHA512 | fb48d967b0cf406690f199eb1e833fda514743c872c86318bfc6d3624920a379489d9f3bd30c5f9ff7f61d661aece2366d351feed22b07b2febb23fff7c893ed |
| Ssdeep | 1536:CkBL3FNSc8SetKB96vQVCBumVMOej6mXmYarrJQcd1FaLcmB:CCJNSc83tKBAvQVCgOtmXmLpLmB |
| Yara | None matched |
| VirusTotal | Search for Analysis |

| Timestamp | Thread | Function | Arguments | Status | Return | Repeated |
|---|---|---|---|---|---|---|
| 2016-11-06 21:47:32.717953 | | NtOpenFile | file_handle => 0x00000000 filepath => C:\Program Files\Microsoft Office\Office12\wwlib.dll.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Microsoft Office\Office12\wwlib.dll.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 | FAILURE | | |
| 2016-11-06 21:47:32.727953 | | NtOpenFile | file_handle => 0x00000000 filepath => C:\Program Files\Microsoft Office\Office12\wwlib.dll.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Microsoft Office\Office12\wwlib.dll.2.Config open_options => 96 status_info => 4294967295 share_access => 1 | FAILURE | | |
| 2016-11-06 21:47:32.787953 | | NtOpenFile | file_handle => 0x00000000 filepath => C:\Program Files\Microsoft Office\Office12\oart.dll.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Microsoft Office\Office12\oart.dll.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 | FAILURE | | |
| 2016-11-06 21:47:32.797953 | | NtOpenFile | file_handle => 0x00000000 filepath => C:\Program Files\Microsoft Office\Office12\oart.dll.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Microsoft Office\Office12\oart.dll.2.Config open_options => 96 status_info => 4294967295 share_access => 1 | FAILURE | | |
| 2016-11-06 21:47:32.897953 | | NtOpenFile | file_handle => 0x00000038 filepath => C:\WINDOWS\system32\imm32.dll desired_access => 0x00100020 filepath_r => \??\C:\WINDOWS\system32\IMM32.DLL open_options => 96 status_info => 1 share_access => 5 | SUCCESS | | |
| 2016-11-06 21:47:32.897953 | | LdrLoadDll | basename => IMM32 module_address => 0x76390000 flags => 0 module_name => C:\WINDOWS\system32\IMM32.DLL | SUCCESS | | |
| 2016-11-06 21:47:32.937953 | | LdrLoadDll | basename => LPK module_address => 0x629c0000 flags => 0 module_name => LPK.DLL | SUCCESS | | |
| 2016-11-06 21:47:32.947953 | | NtOpenFile | file_handle => 0x00000048 filepath => \Device\KsecDD desired_access => 0x00100001 filepath_r => \Device\KsecDD open_options => 16 status_info => 0 share_access => 7 | SUCCESS | | |
| 2016-11-06 21:47:32.987953 | | LdrLoadDll | basename => wwlib module_address => 0x31240000 flags => 0 module_name => wwlib.dll | SUCCESS | | |
| 2016-11-06 21:47:32.997953 | | NtOpenFile | file_handle => 0x00000000 filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE12\mso.dll.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 | FAILURE | | |
| 2016-11-06 21:47:32.997953 | | NtOpenFile | file_handle => 0x00000000 filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE12\mso.dll.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll.2.Config open_options => 96 status_info => 4294967295 share_access => 1 | FAILURE | | |
| 2016-11-06 21:47:33.087953 | | NtOpenFile | file_handle => 0x00000064 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:33.097953 | | NtOpenFile | file_handle => 0x00000064 filepath => C:\Program Files\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:33.097953 | | LdrLoadDll | basename => mso module_address => 0x32600000 flags => 0 module_name => C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll | SUCCESS | | |
| 2016-11-06 21:47:33.127953 | | LdrLoadDll | basename => MSO module_address => 0x32600000 flags => 0 module_name => MSO.dll | SUCCESS | | |
| 2016-11-06 21:47:33.127953 | | LdrLoadDll | basename => mso module_address => 0x32600000 flags => 0 module_name => mso.dll | SUCCESS | | |
| 2016-11-06 21:47:33.428953 | | NtOpenFile | file_handle => 0x00000078 filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Cultures\OFFICE.ODF desired_access => 0x00100020 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\office12\Cultures\office.odf open_options => 96 status_info => 1 share_access => 5 | SUCCESS | | |
| 2016-11-06 21:47:33.448953 | | NtCreateFile | create_disposition => 1 file_handle => 0x0000007c filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Cultures\OFFICE.ODF desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\office12\Cultures\office.odf create_options => 96 status_info => 1 share_access => 5 | SUCCESS | | |
| 2016-11-06 21:47:33.468953 | | LdrLoadDll | basename => Kernel32 module_address => 0x7c800000 flags => 0 module_name => Kernel32.DLL | SUCCESS | | |
| 2016-11-06 21:47:33.488953 | | LdrLoadDll | basename => wwintl module_address => 0x33d00000 flags => 2 module_name => C:\Program Files\Microsoft Office\Office12\1033\wwintl.dll | SUCCESS | | |
| 2016-11-06 21:47:33.498953 | | LdrLoadDll | basename => ADVAPI32 module_address => 0x77dd0000 flags => 0 module_name => C:\WINDOWS\system32\ADVAPI32.DLL | SUCCESS | | |
| 2016-11-06 21:47:33.648953 | | LdrLoadDll | basename => uxtheme module_address => 0x5ad70000 flags => 0 module_name => C:\WINDOWS\system32\uxtheme.dll | SUCCESS | | |
| 2016-11-06 21:47:33.648953 | | LdrLoadDll | basename => uxtheme module_address => 0x5ad70000 flags => 0 module_name => uxtheme.dll | SUCCESS | | |
| 2016-11-06 21:47:33.658953 | | LdrLoadDll | basename => uxtheme module_address => 0x5ad70000 flags => 0 module_name => C:\WINDOWS\system32\uxtheme.dll | SUCCESS | | |
| 2016-11-06 21:47:33.668953 | | LdrLoadDll | basename => uxtheme module_address => 0x5ad70000 flags => 0 module_name => C:\WINDOWS\system32\uxtheme.dll | SUCCESS | | |
| 2016-11-06 21:47:33.678953 | | LdrLoadDll | basename => uxtheme module_address => 0x5ad70000 flags => 0 module_name => C:\WINDOWS\system32\uxtheme.dll | SUCCESS | | |
| 2016-11-06 21:47:33.698953 | | LdrLoadDll | basename => KERNEL32 module_address => 0x7c800000 flags => 0 module_name => C:\WINDOWS\system32\KERNEL32.DLL | SUCCESS | | |
| 2016-11-06 21:47:33.828953 | | NtOpenFile | file_handle => 0x00000000 filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 | FAILURE | | |
| 2016-11-06 21:47:33.848953 | | NtOpenFile | file_handle => 0x00000000 filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL.2.Config open_options => 96 status_info => 4294967295 share_access => 1 | FAILURE | | |
| 2016-11-06 21:47:33.868953 | | LdrLoadDll | basename => MSPTLS module_address => 0x6bdc0000 flags => 0 module_name => C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL | SUCCESS | | |
| 2016-11-06 21:47:33.908953 | | NtOpenFile | file_handle => 0x000000c0 filepath => C:\WINDOWS\system32\shell32.dll desired_access => 0x001200a9 filepath_r => \??\C:\WINDOWS\system32\SHELL32.DLL open_options => 96 status_info => 1 share_access => 1 | SUCCESS | | |
| 2016-11-06 21:47:33.918953 | | NtOpenFile | file_handle => 0x00000000 filepath => C:\WINDOWS\system32\SHELL32.DLL.124.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\WINDOWS\system32\SHELL32.DLL.124.Manifest open_options => 96 status_info => 4294967295 share_access => 1 | FAILURE | | |
| 2016-11-06 21:47:33.928953 | | NtOpenFile | file_handle => 0x00000000 filepath => C:\WINDOWS\system32\SHELL32.DLL.124.Config desired_access => 0x001200a9 filepath_r => \??\C:\WINDOWS\system32\SHELL32.DLL.124.Config open_options => 96 status_info => 4294967295 share_access => 1 | FAILURE | | |
| 2016-11-06 21:47:33.988953 | | LdrLoadDll | basename => comctl32 module_address => 0x773d0000 flags => 0 module_name => comctl32.dll | SUCCESS | | |
| 2016-11-06 21:47:34.008953 | | LdrLoadDll | basename => comctl32 module_address => 0x5d090000 flags => 0 module_name => comctl32.dll | SUCCESS | | |
| 2016-11-06 21:47:34.008953 | | LdrLoadDll | basename => SHELL32 module_address => 0x7c9c0000 flags => 0 module_name => SHELL32.DLL | SUCCESS | | |
| 2016-11-06 21:47:34.039953 | | LdrLoadDll | basename => Comctl32 module_address => 0x773d0000 flags => 0 module_name => Comctl32.dll | SUCCESS | | |
| 2016-11-06 21:47:34.049953 | | LdrLoadDll | basename => rpcrt4 module_address => 0x77e70000 flags => 0 module_name => rpcrt4.dll | SUCCESS | | |
| 2016-11-06 21:47:34.059953 | | NtCreateFile | create_disposition => 1 file_handle => 0x00000114 filepath => \\?\PIPE\lsarpc desired_access => 0xc0100080 file_attributes => 0 filepath_r => \??\PIPE\lsarpc create_options => 64 status_info => 1 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:34.069953 | | NtWriteFile | buffer => H ¸¸ xW44Í«ï #Eg« ]ëÉè +H` file_handle => 0x00000114 offset => 0 | SUCCESS | | |
| 2016-11-06 21:47:34.109953 | | LdrLoadDll | basename => MSCTF module_address => 0x74720000 flags => 0 module_name => C:\WINDOWS\system32\MSCTF.dll | SUCCESS | | |
| 2016-11-06 21:47:34.119953 | | NtCreateFile | create_disposition => 1 file_handle => 0x00000118 filepath => \\?\PIPE\lsarpc desired_access => 0xc0100080 file_attributes => 0 filepath_r => \??\PIPE\lsarpc create_options => 64 status_info => 1 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:34.119953 | | NtWriteFile | buffer => H ¸¸ xW44Í«ï #Eg« ]ëÉè +H` file_handle => 0x00000118 offset => 0 | SUCCESS | | |
| 2016-11-06 21:47:34.139953 | | LdrLoadDll | basename => version module_address => 0x77c00000 flags => 0 module_name => version.dll | SUCCESS | | |
| 2016-11-06 21:47:34.139953 | | NtOpenFile | file_handle => 0x00000110 filepath => C:\WINDOWS\system32\MSCTFIME.IME desired_access => 0x00100020 filepath_r => \??\C:\WINDOWS\system32\msctfime.ime open_options => 96 status_info => 1 share_access => 5 | SUCCESS | | |
| 2016-11-06 21:47:34.159953 | | NtCreateFile | create_disposition => 1 file_handle => 0x0000011c filepath => C:\WINDOWS\system32\MSCTFIME.IME desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\WINDOWS\system32\msctfime.ime create_options => 96 status_info => 1 share_access => 5 | SUCCESS | | |
| 2016-11-06 21:47:34.169953 | | NtOpenFile | file_handle => 0x00000110 filepath => C:\WINDOWS\system32\MSCTFIME.IME desired_access => 0x00100020 filepath_r => \??\C:\WINDOWS\system32\msctfime.ime open_options => 96 status_info => 1 share_access => 5 | SUCCESS | | |
| 2016-11-06 21:47:34.179953 | | NtCreateFile | create_disposition => 1 file_handle => 0x0000011c filepath => C:\WINDOWS\system32\MSCTFIME.IME desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\WINDOWS\system32\msctfime.ime create_options => 96 status_info => 1 share_access => 5 | SUCCESS | | |
| 2016-11-06 21:47:34.189953 | | LdrLoadDll | basename => ole32 module_address => 0x774e0000 flags => 0 module_name => C:\WINDOWS\system32\ole32.dll | SUCCESS | | |
| 2016-11-06 21:47:34.219953 | | LdrLoadDll | basename => msctfime.ime module_address => 0x755c0000 flags => 0 module_name => C:\WINDOWS\system32\msctfime.ime | SUCCESS | | |
| 2016-11-06 21:47:34.219953 | | LdrLoadDll | basename => msctfime.ime module_address => 0x755c0000 flags => 0 module_name => C:\WINDOWS\system32\msctfime.ime | SUCCESS | | |
| 2016-11-06 21:47:34.249953 | | LdrLoadDll | basename => MSORES module_address => 0x00fe0000 flags => 2 module_name => C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSORES.DLL | SUCCESS | | |
| 2016-11-06 21:47:34.249953 | | LdrLoadDll | basename => MSOINTL module_address => 0x01740000 flags => 2 module_name => C:\Program Files\Common Files\Microsoft Shared\office12\1033\MSOINTL.DLL | SUCCESS | | |
| 2016-11-06 21:47:34.259953 | | LdrLoadDll | basename => Comctl32 module_address => 0x773d0000 flags => 0 module_name => Comctl32.dll | SUCCESS | | |
| 2016-11-06 21:47:34.269953 | | LdrLoadDll | basename => mscoree module_address => 0x00000000 flags => 0 module_name => C:\WINDOWS\system32\mscoree.dll | FAILURE | | |
| 2016-11-06 21:47:34.279953 | | LdrLoadDll | basename => VERSION module_address => 0x77c00000 flags => 0 module_name => VERSION.DLL | SUCCESS | | |
| 2016-11-06 21:47:34.289953 | | NtOpenFile | file_handle => 0x00000130 filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll desired_access => 0x00100020 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll open_options => 96 status_info => 1 share_access => 5 | SUCCESS | | |
| 2016-11-06 21:47:34.319953 | | NtCreateFile | create_disposition => 1 file_handle => 0x00000134 filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll create_options => 96 status_info => 1 share_access => 5 | SUCCESS | | |
| 2016-11-06 21:47:34.329953 | | NtOpenFile | file_handle => 0x00000130 filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll desired_access => 0x00100020 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll open_options => 96 status_info => 1 share_access => 5 | SUCCESS | | |
| 2016-11-06 21:47:34.329953 | | NtCreateFile | create_disposition => 1 file_handle => 0x00000134 filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll create_options => 96 status_info => 1 share_access => 5 | SUCCESS | | |
| 2016-11-06 21:47:34.359953 | | NtCreateFile | create_disposition => 1 file_handle => 0x00000130 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Word12.pip desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Word12.pip create_options => 4194404 status_info => 1 share_access => 1 | SUCCESS | | |
| 2016-11-06 21:47:34.369953 | | NtCreateFile | create_disposition => 1 file_handle => 0x00000134 filepath => C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\OPA12.BAK desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\OFFICE\DATA\OPA12.BAK create_options => 2097252 status_info => 1 share_access => 1 | SUCCESS | | |
| 2016-11-06 21:47:34.409953 | | NtCreateFile | create_disposition => 2 file_handle => 0x00000000 filepath => C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat desired_access => 0x40110080 file_attributes => 32 filepath_r => \??\C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\OFFICE\DATA\opa12.dat create_options => 100 status_info => 4294967295 share_access => 0 | FAILURE | | |
| 2016-11-06 21:47:34.409953 | | NtOpenFile | file_handle => 0x00000134 filepath => C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat desired_access => 0x00100100 filepath_r => \??\C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\OFFICE\DATA\opa12.dat open_options => 2113568 status_info => 1 share_access => 7 | SUCCESS | | |
| 2016-11-06 21:47:34.449953 | | NtCreateFile | create_disposition => 1 file_handle => 0x00000134 filepath => C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\OFFICE\DATA\opa12.dat create_options => 4196448 status_info => 1 share_access => 1 | SUCCESS | | |
| 2016-11-06 21:47:34.459953 | | NtCreateFile | create_disposition => 1 file_handle => 0x00000134 filepath => C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\OFFICE\DATA\opa12.dat create_options => 4196448 status_info => 1 share_access => 1 | SUCCESS | | |
| 2016-11-06 21:47:34.960953 | | NtCreateFile | create_disposition => 1 file_handle => 0x00000134 filepath => C:\Program Files\Microsoft Office\Office12\ID_00030.DPC desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\Program Files\Microsoft Office\Office12\ID_00030.DPC create_options => 96 status_info => 1 share_access => 1 | SUCCESS | | |
| 2016-11-06 21:47:35.170953 | | OleInitialize | | SUCCESS | | |
| 2016-11-06 21:47:35.190953 | | LdrLoadDll | basename => MSO module_address => 0x32600000 flags => 0 module_name => MSO.dll | SUCCESS | | |
| 2016-11-06 21:47:35.260953 | | LdrLoadDll | basename => Winspool.DRV module_address => 0x73000000 flags => 0 module_name => Winspool.DRV | SUCCESS | | |
| 2016-11-06 21:47:35.290953 | | NtOpenFile | file_handle => 0x00000000 filepath => C:\WINDOWS\system32\spool\drivers\w32x86\3\msonpui.dll.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\msonpui.dll.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 | FAILURE | | |
| 2016-11-06 21:47:35.300953 | | NtOpenFile | file_handle => 0x00000000 filepath => C:\WINDOWS\system32\spool\drivers\w32x86\3\msonpui.dll.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\msonpui.dll.2.Config open_options => 96 status_info => 4294967295 share_access => 1 | FAILURE | | |
| 2016-11-06 21:47:35.330953 | | LdrLoadDll | basename => msonpui module_address => 0x01640000 flags => 0 module_name => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\msonpui.dll | SUCCESS | | |
| 2016-11-06 21:47:35.360953 | | CoInitializeEx | options => 2 | FAILURE | | |
| 2016-11-06 21:47:35.370953 | | NtOpenFile | file_handle => 0x0000015c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:35.380953 | | NtOpenFile | file_handle => 0x0000015c filepath => C:\Program Files\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:35.390953 | | NtOpenFile | file_handle => 0x00000160 filepath => C:\Program Files\Microsoft Office\Office12\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Microsoft Office\Office12\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:35.400953 | | NtOpenFile | file_handle => 0x00000160 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:35.441953 | | LdrLoadDll | basename => UxTheme module_address => 0x5ad70000 flags => 0 module_name => UxTheme.DLL | SUCCESS | | |
| 2016-11-06 21:47:35.491953 | | NtOpenFile | file_handle => 0x00000168 filepath => C:\Program Files\Microsoft Office\Office12\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Microsoft Office\Office12\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:35.501953 | | NtOpenFile | file_handle => 0x00000168 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:35.511953 | | NtCreateFile | create_disposition => 1 file_handle => 0x00000168 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm create_options => 4194400 status_info => 1 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:35.521953 | | NtCreateFile | create_disposition => 1 file_handle => 0x0000016c filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm desired_access => 0xc0100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm create_options => 96 status_info => 1 share_access => 1 | SUCCESS | | |
| 2016-11-06 21:47:35.531953 | | NtCreateFile | create_disposition => 1 file_handle => 0x0000016c filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm desired_access => 0xc0100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm create_options => 4194400 status_info => 1 share_access => 1 | SUCCESS | | |
| 2016-11-06 21:47:35.541953 | | NtCreateFile | create_disposition => 5 file_handle => 0x00000170 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\~$Normal.dotm desired_access => 0x40100080 file_attributes => 2 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\~$Normal.dotm create_options => 4194400 status_info => 2 share_access => 0 | SUCCESS | | |
| 2016-11-06 21:47:35.551953 | | NtWriteFile | buffer => PKSJ file_handle => 0x00000170 offset => 0 | SUCCESS | | |
| 2016-11-06 21:47:35.571953 | | NtWriteFile | buffer => P K S J I T S ,¬b2 ¬b2å¸2 Èå¸2 xæ¸2 0ç¸2 ðç¸2 °è¸2 file_handle => 0x00000170 offset => 0 | SUCCESS | | |
| 2016-11-06 21:47:35.591953 | | LdrLoadDll | basename => ole32 module_address => 0x774e0000 flags => 0 module_name => ole32.dll | SUCCESS | | |
| 2016-11-06 21:47:35.591953 | | CoInitializeEx | options => 6 | FAILURE | | |
| 2016-11-06 21:47:35.601953 | | LdrLoadDll | basename => SHELL32 module_address => 0x7c9c0000 flags => 0 module_name => C:\WINDOWS\system32\SHELL32.dll | SUCCESS | | |
| 2016-11-06 21:47:35.611953 | | LdrLoadDll | basename => SETUPAPI module_address => 0x77920000 flags => 0 module_name => SETUPAPI.dll | SUCCESS | | |
| 2016-11-06 21:47:35.621953 | | NtCreateFile | create_disposition => 1 file_handle => 0x00000190 filepath => \\?\PIPE\lsarpc desired_access => 0xc0100080 file_attributes => 0 filepath_r => \??\PIPE\lsarpc create_options => 64 status_info => 1 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:35.621953 | | NtWriteFile | buffer => H ¸¸ xW44Í«ï #Eg« ]ëÉè +H` file_handle => 0x00000190 offset => 0 | SUCCESS | | |
| 2016-11-06 21:47:35.641953 | | NtCreateFile | create_disposition => 1 file_handle => 0x0000018c filepath => \\?\PIPE\lsarpc desired_access => 0xc0100080 file_attributes => 0 filepath_r => \??\PIPE\lsarpc create_options => 64 status_info => 1 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:35.641953 | | NtWriteFile | buffer => H ¸¸ xW44Í«ï #Eg« ]ëÉè +H` file_handle => 0x0000018c offset => 0 | SUCCESS | | |
| 2016-11-06 21:47:35.671953 | | NtOpenFile | file_handle => 0x00000194 filepath => \??\IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#42562d3131303066333036662020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} desired_access => 0x00100080 filepath_r => \??\IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#42562d3131303066333036662020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} open_options => 96 status_info => 0 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:35.681953 | | NtOpenFile | file_handle => 0x00000194 filepath => \??\IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#42562d3131303066333036662020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} desired_access => 0x00100080 filepath_r => \??\IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#42562d3131303066333036662020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} open_options => 16 status_info => 0 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:35.681953 | | NtCreateFile | create_disposition => 1 file_handle => 0x00000194 filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:35.701953 | | NtOpenFile | file_handle => 0x00000194 filepath => \??\STORAGE#Volume#1&30a96598&0&SignatureC725C725Offset7E00Length27F4DB200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} desired_access => 0x00100080 filepath_r => \??\STORAGE#Volume#1&30a96598&0&SignatureC725C725Offset7E00Length27F4DB200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} open_options => 96 status_info => 0 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:35.701953 | | NtOpenFile | file_handle => 0x00000194 filepath => \??\STORAGE#Volume#1&30a96598&0&SignatureC725C725Offset7E00Length27F4DB200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} desired_access => 0x00100080 filepath_r => \??\STORAGE#Volume#1&30a96598&0&SignatureC725C725Offset7E00Length27F4DB200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} open_options => 16 status_info => 0 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:35.731953 | | NtCreateFile | create_disposition => 1 file_handle => 0x00000194 filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:35.731953 | | NtCreateFile | create_disposition => 1 file_handle => 0x00000194 filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:35.771953 | | NtCreateFile | create_disposition => 1 file_handle => 0x00000194 filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:35.851953 | | NtCreateFile | create_disposition => 1 file_handle => 0x00000194 filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:35.881953 | | NtCreateFile | create_disposition => 1 file_handle => 0x00000194 filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:35.921953 | | NtOpenFile | file_handle => 0x00000198 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:35.921953 | | LdrLoadDll | basename => SHELL32 module_address => 0x7c9c0000 flags => 0 module_name => SHELL32.dll | SUCCESS | | |
| 2016-11-06 21:47:35.921953 | | LdrLoadDll | basename => ole32 module_address => 0x774e0000 flags => 0 module_name => ole32.dll | SUCCESS | | |
| 2016-11-06 21:47:35.971953 | | NtOpenFile | file_handle => 0x000001a0 filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:36.001953 | | NtOpenFile | file_handle => 0x000001a0 filepath => C:\Documents and Settings\Administrator\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\ open_options => 16417 status_info => 1 share_access => 3 | SUCCESS | | |
| 2016-11-06 21:47:36.001953 | | CoUninitialize | | SUCCESS | | |
| 2016-11-06 21:47:36.011953 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:36.011953 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:36.021953 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\Documents and Settings\Administrator\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:36.021953 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\Documents and Settings\Administrator\Application Data\desktop.ini desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\desktop.ini open_options => 96 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:36.051953 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\Documents and Settings\Administrator\Application Data\desktop.ini desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\desktop.ini open_options => 96 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:36.091953 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\Documents and Settings\Administrator\Application Data\desktop.ini desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\desktop.ini open_options => 96 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:36.122953 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\Documents and Settings\Administrator\Application Data\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:36.132953 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:36.162953 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:36.192953 | CoInitializeEx |
options => 6 |
FAILURE | |||
| 2016-11-06 21:47:36.202953 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:36.202953 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:36.212953 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\Documents and Settings\Administrator\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:36.222953 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\Documents and Settings\Administrator\My Documents\desktop.ini desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\Administrator\My Documents\desktop.ini open_options => 96 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:36.232953 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\Documents and Settings\Administrator\My Documents\desktop.ini desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\Administrator\My Documents\desktop.ini open_options => 96 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:36.262953 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\Documents and Settings\Administrator\My Documents\desktop.ini desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\Administrator\My Documents\desktop.ini open_options => 96 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:36.272953 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\Documents and Settings\Administrator\My Documents\desktop.ini desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\Administrator\My Documents\desktop.ini open_options => 96 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:36.322953 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\Documents and Settings\Administrator\My Documents\desktop.ini desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\Administrator\My Documents\desktop.ini open_options => 96 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:36.332953 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\Documents and Settings\Administrator\My Documents\desktop.ini desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\Administrator\My Documents\desktop.ini open_options => 96 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:36.342953 | CoUninitialize | SUCCESS | ||||
| 2016-11-06 21:47:36.342953 | CoInitializeEx |
options => 6 |
FAILURE | |||
| 2016-11-06 21:47:36.352953 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:36.362953 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:36.372953 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\Documents and Settings\All Users\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\All Users\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:36.382953 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\Documents and Settings\All Users\Documents\desktop.ini desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\All Users\Documents\desktop.ini open_options => 96 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:36.392953 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\Documents and Settings\All Users\Documents\desktop.ini desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\All Users\Documents\desktop.ini open_options => 96 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:36.402953 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\Documents and Settings\All Users\Documents\desktop.ini desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\All Users\Documents\desktop.ini open_options => 96 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:36.412953 | CoUninitialize | SUCCESS | ||||
| 2016-11-06 21:47:36.412953 | CoInitializeEx |
options => 6 |
FAILURE | |||
| 2016-11-06 21:47:36.422953 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:36.432953 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:36.442953 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\Documents and Settings\All Users\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\All Users\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:36.442953 | CoUninitialize | SUCCESS | ||||
| 2016-11-06 21:47:36.452953 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:36.472953 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm create_options => 4194400 status_info => 4294967295 share_access => 0 |
FAILURE | |||
| 2016-11-06 21:47:36.472953 | NtCreateFile |
create_disposition => 1 file_handle => 0x000001a4 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm create_options => 4194400 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:36.482953 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm create_options => 96 status_info => 4294967295 share_access => 0 |
FAILURE | |||
| 2016-11-06 21:47:36.492953 | NtCreateFile |
create_disposition => 1 file_handle => 0x000001a4 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm create_options => 4194400 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:36.502953 | NtCreateFile |
create_disposition => 1 file_handle => 0x000001a4 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm create_options => 96 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:36.522953 | LdrLoadDll |
basename => OLEAUT32 module_address => 0x77120000 flags => 0 module_name => OLEAUT32.dll |
SUCCESS | |||
| 2016-11-06 21:47:36.572953 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:36.582953 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:36.592953 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE12\riched20.dll.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\office12\riched20.dll.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-06 21:47:36.602953 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE12\riched20.dll.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\office12\riched20.dll.2.Config open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-06 21:47:36.632953 | LdrLoadDll |
basename => riched20 module_address => 0x3a780000 flags => 0 module_name => C:\Program Files\Common Files\Microsoft Shared\office12\riched20.dll |
SUCCESS | |||
| 2016-11-06 21:47:36.632953 | LdrLoadDll |
basename => OLEAUT32 module_address => 0x77120000 flags => 0 module_name => OLEAUT32.DLL |
SUCCESS | |||
| 2016-11-06 21:47:36.642953 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:36.652953 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:36.662953 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:36.662953 | CoCreateInstanceEx |
class_context => 0 clsid => {00000000-0000-0000-0000-000000000000} iid => [] |
FAILURE | |||
| 2016-11-06 21:47:36.672953 | LdrLoadDll |
basename => oleaut32 module_address => 0x77120000 flags => 0 module_name => oleaut32.dll |
SUCCESS | |||
| 2016-11-06 21:47:36.672953 | LdrLoadDll |
basename => kernel32 module_address => 0x7c800000 flags => 0 module_name => C:\WINDOWS\system32\kernel32.dll |
SUCCESS | |||
| 2016-11-06 21:47:36.682953 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:36.692953 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:36.702953 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:36.712953 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:36.722953 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:36.742953 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:36.752953 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:36.782953 | CoInitializeSecurity | SUCCESS | ||||
| 2016-11-06 21:47:36.782953 | LdrLoadDll |
basename => OLE32 module_address => 0x774e0000 flags => 0 module_name => OLE32 |
SUCCESS | |||
| 2016-11-06 21:47:36.802953 | LdrLoadDll |
basename => OLE32 module_address => 0x774e0000 flags => 0 module_name => OLE32.DLL |
SUCCESS | |||
| 2016-11-06 21:47:36.813953 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:36.823953 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:36.833953 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:36.843953 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:36.853953 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:36.903953 | NtCreateFile |
create_disposition => 5 file_handle => 0x00000194 filepath => C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{3B7139B6-4AB2-481E-9253-BE4EDC065C9E}.tmp desired_access => 0xc0100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{3B7139B6-4AB2-481E-9253-BE4EDC065C9E}.tmp create_options => 4194400 status_info => 2 share_access => 0 |
SUCCESS | |||
| 2016-11-06 21:47:36.913953 | NtWriteFile |
buffer =>
ý file_handle => 0x00000194 offset => 0 |
SUCCESS | |||
| 2016-11-06 21:47:36.953953 | CoCreateInstance |
class_context => 23 clsid => {88d969ef-f192-11d4-a65f-0040963251e5} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:37.003953 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Office\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Office\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:37.213953 | LdrLoadDll |
basename => gdi32 module_address => 0x77f10000 flags => 0 module_name => gdi32.DLL |
SUCCESS | |||
| 2016-11-06 21:47:37.233953 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\WINDOWS\system32\MSIMTF.dll desired_access => 0x00100020 filepath_r => \??\C:\WINDOWS\system32\Msimtf.dll open_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:37.253953 | NtOpenFile |
file_handle => 0x0000024c filepath => C:\WINDOWS\system32\MSIMTF.dll desired_access => 0x00100020 filepath_r => \??\C:\WINDOWS\system32\Msimtf.dll open_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:37.283953 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\WINDOWS\system32\MSIMTF.dll desired_access => 0x00100020 filepath_r => \??\C:\WINDOWS\system32\Msimtf.dll open_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:37.363953 | NtOpenFile |
file_handle => 0x0000024c filepath => C:\WINDOWS\system32\MSIMTF.dll desired_access => 0x00100020 filepath_r => \??\C:\WINDOWS\system32\Msimtf.dll open_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:37.433953 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000254 filepath => \\?\PIPE\lsarpc desired_access => 0xc0100080 file_attributes => 0 filepath_r => \??\PIPE\lsarpc create_options => 64 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:37.433953 | NtWriteFile |
buffer => H ¸¸ xW44Í«ï #Eg« ]ëÉè +H` file_handle => 0x00000254 offset => 0 |
SUCCESS | |||
| 2016-11-06 21:47:37.604953 | NtOpenFile |
file_handle => 0x00000074 filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:37.614953 | NtOpenFile |
file_handle => 0x00000290 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:37.614953 | NtOpenFile |
file_handle => 0x00000290 filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:37.624953 | NtOpenFile |
file_handle => 0x00000290 filepath => C:\Documents and Settings\Administrator\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:37.624953 | NtOpenFile |
file_handle => 0x00000290 filepath => C:\Documents and Settings\Administrator\Local Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:37.634953 | NtOpenFile |
file_handle => 0x00000290 filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\Temp\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:37.654953 | NtOpenFile |
file_handle => 0x00000290 filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:37.674953 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000074 filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\billing_doc_60787.doc desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\billing_doc_60787.doc create_options => 4194400 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:37.684953 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000074 filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\billing_doc_60787.doc desired_access => 0xc0100080 file_attributes => 128 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\billing_doc_60787.doc create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-06 21:47:37.714953 | NtCreateFile |
create_disposition => 2 file_handle => 0x000002a0 filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\~DFDA20.tmp desired_access => 0xc0110080 file_attributes => 256 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFDA20.tmp create_options => 4192 status_info => 2 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:37.734953 | NtOpenFile |
file_handle => 0x0000007c filepath => C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL desired_access => 0x00100020 filepath_r => \??\C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLL open_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:37.794953 | NtCreateFile |
create_disposition => 1 file_handle => 0x000002ac filepath => C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLL create_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:37.834953 | NtOpenFile |
file_handle => 0x0000007c filepath => C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL desired_access => 0x00100020 filepath_r => \??\C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLL open_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:37.844953 | NtCreateFile |
create_disposition => 1 file_handle => 0x000002ac filepath => C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLL create_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:37.854953 | NtOpenFile |
file_handle => 0x0000007c filepath => C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL desired_access => 0x00100020 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL open_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:37.864953 | NtCreateFile |
create_disposition => 1 file_handle => 0x000002ac filepath => C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL create_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:37.874953 | NtOpenFile |
file_handle => 0x0000007c filepath => C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL desired_access => 0x00100020 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL open_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:37.884953 | NtCreateFile |
create_disposition => 1 file_handle => 0x000002ac filepath => C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL create_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:37.934953 | NtCreateFile |
create_disposition => 5 file_handle => 0x0000007c filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\~$lling_doc_60787.doc desired_access => 0x40100080 file_attributes => 2 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~$lling_doc_60787.doc create_options => 4194400 status_info => 2 share_access => 0 |
SUCCESS | |||
| 2016-11-06 21:47:37.944953 | NtWriteFile |
buffer => PKSJ file_handle => 0x0000007c offset => 0 |
SUCCESS | |||
| 2016-11-06 21:47:37.964953 | NtWriteFile |
buffer => P K S J I T S ,¬b2 ¬b2å¸2 Èå¸2 xæ¸2 0ç¸2 ðç¸2 °è¸2 file_handle => 0x0000007c offset => 0 |
SUCCESS | |||
| 2016-11-06 21:47:38.124953 | NtOpenFile |
file_handle => 0x000002ac filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:38.134953 | NtOpenFile |
file_handle => 0x000002ac filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:38.144953 | NtOpenFile |
file_handle => 0x000002ac filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:38.154953 | NtOpenFile |
file_handle => 0x000002ac filepath => C:\Documents and Settings\Administrator\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:38.164953 | NtOpenFile |
file_handle => 0x000002ac filepath => C:\Documents and Settings\Administrator\Application Data\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:38.164953 | NtOpenFile |
file_handle => 0x000002ac filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:38.174953 | NtOpenFile |
file_handle => 0x000002ac filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:38.184953 | NtOpenFile |
file_handle => 0x000002ac filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:38.215953 | NtOpenFile |
file_handle => 0x000002ac filepath => C:\Documents and Settings\Administrator\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:38.225953 | NtOpenFile |
file_handle => 0x000002ac filepath => C:\Documents and Settings\Administrator\Application Data\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:38.235953 | NtOpenFile |
file_handle => 0x000002ac filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:38.305953 | NtOpenFile |
file_handle => 0x000000e0 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:38.315953 | NtOpenFile |
file_handle => 0x000000e0 filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:38.325953 | NtOpenFile |
file_handle => 0x000000e0 filepath => C:\Documents and Settings\Administrator\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ADMINI~1\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:38.335953 | NtOpenFile |
file_handle => 0x000000e0 filepath => C:\Documents and Settings\Administrator\Local Settings\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:38.485953 | NtCreateFile |
create_disposition => 5 file_handle => 0x000002b4 filepath => C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{FC87C8F0-EBC9-4864-A60B-22048ED3BDBE}.tmp desired_access => 0xc0100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{FC87C8F0-EBC9-4864-A60B-22048ED3BDBE}.tmp create_options => 4194400 status_info => 2 share_access => 0 |
SUCCESS | |||
| 2016-11-06 21:47:38.575953 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\review.rcd desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\review.rcd open_options => 96 status_info => 4294967295 share_access => 7 |
FAILURE | |||
| 2016-11-06 21:47:38.585953 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\review.rcd desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\review.rcd create_options => 4194404 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-06 21:47:38.595953 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\adhoc.rcd desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\adhoc.rcd open_options => 96 status_info => 4294967295 share_access => 7 |
FAILURE | |||
| 2016-11-06 21:47:38.605953 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\adhoc.rcd desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\adhoc.rcd create_options => 4194404 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-06 21:47:38.715953 | NtCreateFile |
create_disposition => 5 file_handle => 0x000002c4 filepath => C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{D5F99D08-15A0-4713-B838-EA7627E7713E}.tmp desired_access => 0xc0100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{D5F99D08-15A0-4713-B838-EA7627E7713E}.tmp create_options => 4194400 status_info => 2 share_access => 0 |
SUCCESS | |||
| 2016-11-06 21:47:38.725953 | NtWriteFile | buffer => ( ( ( ( ( ( ( ( ( ( ( I T S P K S J P " |